ethical hacking
DESCRIPTION
TRANSCRIPT
![Page 1: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/1.jpg)
Ethical Hacking
By:Aashish SharmaCS Final Year0609210001
![Page 2: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/2.jpg)
HACKER
![Page 3: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/3.jpg)
>Definitions<>Definitions<Hacker : any programming specialist who
has expertise to enter computer network unauthorized.
Cracker : some one who destructs things.Hacking : act of illegally entering a
computer system, and making unauthorized changes to the files and data contain within.
![Page 4: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/4.jpg)
What is Ethical Hacking? Ethical hacking – defined “methodology adopted by
ethical hackers to discover the vulnerabilities existing in information systems’ operating environments.”
With the growth of the Internet, computer security has become a major concern for businesses and governments.
In their search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems.
![Page 5: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/5.jpg)
Ethical Hacking Independent computer security
Professionals breaking into the computer systems.
Neither damage the target systems nor steal information.
Evaluate target systems security and report back to owners about the vulnerabilities found.
![Page 6: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/6.jpg)
Ethical Hackers but not Criminal Hackers Completely trustworthy. Strong programming and computer
networking skills. Learn about the system and trying to
find its weaknesses. Techniques of Criminal hackers-
Detection-Prevention. Published research papers or released
security software. No Ex-hackers.
![Page 7: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/7.jpg)
Source: CERT-India
January - 2005 June 01, 2004 to Dec.31, 2004
Domains No of Defacements
.com 922
.gov.in 24
.org 53
.net 39
.biz 12
.co.in 48
.ac.in 13
.info 3
.nic.in 2
.edu 2
other 13
Total 1131
Defacement Statistics for Indian Websites
![Page 8: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/8.jpg)
Source: CERT/CCTotal Number of Hacking Incidents
Graph upto fiscal year 2003
![Page 9: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/9.jpg)
Types of hacking
Normaldata transfer
Interruption Interception
Modification Fabrication
![Page 10: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/10.jpg)
Why do hackers hack? Just for fun Show off Hack other systems secretly Notify many people their thought Steal important information Destroy enemy’s computer network during
the war
![Page 11: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/11.jpg)
What do hackers do after hacking? Patch security hole
– The other hackers can’t intrude Clear logs and hide themselves Install rootkit ( backdoor )
– The hacker who hacked the system can use the system later
– It contains trojan ls, ps, and so on
![Page 12: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/12.jpg)
Being Prepared What can an intruder see on the target systems? What can an intruder do with that information? Does anyone at the target notice the intruder's
attempts or successes?
1. What are you trying to protect? 2. Who are you trying to protect against? 3. How much time, effort, and money are you willing to
expend to obtain adequate protection?
![Page 13: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/13.jpg)
Modes of Ethical Hacking
Insider attack Outsider attack Stolen equipment attack Physical entry Bypassed authentication attack (wireless
access points) Social engineering attack
![Page 14: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/14.jpg)
Anatomy of an attack:– Reconnaissance – attacker gathers
information; can include social engineering.– Scanning – searches for open ports (port
scan) probes target for vulnerabilities.– Gaining access – attacker exploits
vulnerabilities to get inside system; used for spoofing IP.
– Maintaining access – creates backdoor through use of Trojans; once attacker gains access makes sure he/she can get back in.
– Covering tracks – deletes files, hides files, and erases log files. So that attacker cannot be detected or penalized.
![Page 15: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/15.jpg)
Hackers
Black Hats White Hats Gray Hats
![Page 16: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/16.jpg)
Black Hats: →Hacker specialized in unauthorized, illegal penetration.
→Use computers to attack systems for profit, for revenge, or for political motivations
White Hats: → Hacker who identifies security weakness in a computer system or network and
→ Exposes these weakness that will allow the system's owners to fix the breach.
Grey Hats: → Hybrid between White Hats and Black Hats. 16
![Page 17: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/17.jpg)
Script Kiddies:→ Use scripts or programs developed by others to attack computer systems and networks.
→ Objective - To impress their friends or gain credit in computer-enthusiast communities.
Hactivism : → The non-violent use of illegal or legally ambiguous digital tools in pursuit of political ends.
→Writing of code to promote political ideology - promoting expressive politics, free speech, human rights. 17
![Page 18: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/18.jpg)
Classes of Attack
1. Authentication2. Client-Side Attacks3. Command Execution4. Information Disclosure
18
![Page 19: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/19.jpg)
Authentication
Covers attacks that target a web site's method of validating the identity of a user, service or application.
Attack Types :
1. Brute Force
2. Weak Password Recovery Validation
19
![Page 20: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/20.jpg)
Client-Side Attacks
Focuses on the abuse or exploitation of a web site's users.
Attack Examples :
1. Content Spoofing
2. Cross-Site Scripting
20
![Page 21: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/21.jpg)
Command Execution
Covers attacks designed to execute remote commands on the web site
Attack Examples :
1. OS Commanding
2. SQL Injection
21
![Page 22: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/22.jpg)
SQL Injection
Allows a remote attacker to execute arbitrary databasecommands
Relies on poorly formed database queries and insufficientinput validation
Often facilitated, but does not rely on unhandledexceptions and ODBC error messages
Impact: MASSIVE. This is one of the most dangerousvulnerabilities on the web.
![Page 23: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/23.jpg)
Web App
Hacker
Uses SQL scriptinjection to
access data
![Page 24: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/24.jpg)
Information Disclosure
Covers attacks designed to acquire system specific information about a web site like backup / temporary files, softwares used etc..
Attack Examples :
1. Path Traversal
2. Predictable Resource Location
24
![Page 25: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/25.jpg)
Hacking
Definition :-
Google hacking is a term that refers to the art of creating complex search engine queries in order to filter through large amounts of search results for information related to computer security.
25
![Page 26: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/26.jpg)
Google Hacking QueriesInurl : inurl:admin inurl:passwd filetype:txt
Index of : "Index of /secret ""Index of /credit-card "
Intitle : ?intitle:index.of?MP3 Songname?intitle:index.of?ebook BookName
26
![Page 27: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/27.jpg)
Viruses: Viruses - A virus is a small piece of software that
piggybacks on real programs. For example, a virus might attach itself to a program such as a spreadsheet program. Each time the spreadsheet program runs, the virus runs, too, and it has the chance to reproduce (by attaching to other programs) or wreak havoc.
E-mail viruses - An e-mail virus moves around in e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book.
![Page 28: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/28.jpg)
Worms - A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well. Code Red is an example of a nasty worm.
Trojan horses - A Trojan horse is simply a computer program. The program claims to do one thing (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk). Trojan horses have no way to replicate automatically.
![Page 29: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/29.jpg)
Horses:
A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.
The term comes from a story in Homer's Iliad, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy.
![Page 30: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/30.jpg)
Hell Raising:
Denial of Service attacks (DoS) are a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. Two types of DoS are called a Zombie and Pulsing Zombie.
IP Spoofing is a technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.
![Page 31: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/31.jpg)
Cont.
Port Scanning is the act of systematically scanning a computer's ports. Since a port is a place where information goes into and out of a computer, port scanning identifies open doors to a computer. Port scanning has legitimate uses in managing networks, but port scanning also can be malicious in nature if someone is looking for a weakened access point to break into your computer.
![Page 32: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/32.jpg)
Wireless Security Insertion Attacks Unauthorized devices on the wireless network. This
can be clients or base stations. Interception and monitoring wireless traffic
Wireless Sniffer , Hijacking the session, Broadcast Monitoring, ArpSpoof Monitoring and Hijacking, BaseStation Clone (Evil Twin) intercept traffic
Client to Client Attacks Two wireless clients can talk directly to each other
by-passing the base station. Because of this, each client must protect itself from other clients.
![Page 33: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/33.jpg)
Wireless (continued) Jamming Denial of service attacks for wired networks are popular.
This same principle can be applied to wireless traffic, where legitimate traffic gets jammed because illegitimate traffic overwhelms the frequencies, and legitimate traffic can not get through.
2.4 GHz Interfering Technology An attacker with the proper equipment and tools can easily
flood the 2.4 GHz frequency, so that the signal to noise drops so low, that the wireless network ceases to function. This can be a risk with even non-malicious intent as more technologies use the same frequencies and cause blocking. Cordless phones, baby monitors, and other devices like Bluetooth that operate on the 2.4 GHz frequency can disrupt a wireless network.
![Page 34: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/34.jpg)
War Chalking:
Using chalk to place a special symbol on a sidewalk or other surface that indicates a nearby wireless network, especially one that offers Internet access.
![Page 35: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/35.jpg)
Based on old hobo language -----
![Page 36: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/36.jpg)
![Page 37: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/37.jpg)
Hacking Tools: Web Based Password Cracking
![Page 38: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/38.jpg)
Cain and Abel
![Page 39: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/39.jpg)
Cain and Abel (Cont.)
![Page 40: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/40.jpg)
Legion
![Page 41: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/41.jpg)
Brutus
![Page 42: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/42.jpg)
CERT - The Experts
Established in 1988, the CERT® Coordination Center (CERT/CC) is a center of Internet security expertise, located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.
![Page 43: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/43.jpg)
![Page 45: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/45.jpg)
![Page 46: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/46.jpg)
Penalties under IT Act, 2000
S. 66 (2) – Hacking with Computer System“Whoever commits hacking shall be punished with imprisonment up to three years or with fine which may extend upto two lakh rupees, or both.”
Amarjit & Associates, New Delhi
![Page 47: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/47.jpg)
Penalties under IT Act, 2000
S. 72 – Penalty for Breach of Confidentiality and privacy
“If any person who, in pursuance of any powers conferred under this Act, Rules or Regulations made thereunder, has secured access to any electronic record, book register, correspondence, information, document or other material without the consent of the person concerned discloses such electronic record, book, register, correspondence, information, document, or other material to any other person shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.”
![Page 48: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/48.jpg)
Penalties under Indian Penal Code
S. 379 – Punishment for Theft
“ Whoever commits theft shall be punished with imprisonment of either description for a term which may extend to three years, or with fine, or with both.”
![Page 49: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/49.jpg)
Penalties under Indian Penal Code
S. 406 – Punishment for criminal breach of trust.
“Whoever commits criminal breach of trust shall be punished with imprisonment of either description for a term which may extend to three years, or with fine, or with both.”
![Page 50: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/50.jpg)
Penalties under Indian Penal Code
S. 447 – Punishment for criminal trespass
“Whoever commits criminal trespass shall be punished with imprisonment of either description for a term which may extend to three months, or with fine which may extend to five hundred rupees, or with both.”
![Page 51: Ethical Hacking](https://reader033.vdocuments.mx/reader033/viewer/2022061110/5454093faf7959e10b8b4e03/html5/thumbnails/51.jpg)
THANK YOU